I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters.

But Ozzie knows more about software engineering than I do, so I wondered if he'd made some kind of breakthrough that I wasn't grasping.

Nope.

Johns Hopkins cryptographer Matthew Green (previously) has written a very long and thorough piece on the problems with Ozzie's proposal. The two highlights are:

1. This requires every phone manufacturer (including little ones overseas) to maintain perfect, eternal, literal physical vaults full of cryptographic keys that are of limitless value to every government and criminal syndicate in the world. That's the problem we have with Certificate Authorities, but unlike SSL keys, these keys could never be recalled or replaced. If that vault was ever breached, every phone whose keys were in it would be insecure, forever.

2. This also requires the creation of a secure coprocessor similar to the one Apple tried to make, and it, too, would have to last for, say, 100 years without a single vulnerability being discovered in it (major, multiple vulns in Apple's Secure Vault were discovered in five years, and the company that found and weaponized the bugs had its source code stolen and is being blackmailed for a king's ransom in Bitcoin at the moment). This processor doesn't exist and Ozzie has not provided any details on how you'd make one.

The tldr is that this Key Escrow system works fine, provided you have access to a perfect processor that no one knows how to make, and provided that hundreds of companies never, ever make a single physical security mistake, when they are being targeted by adversaries with (literally) hundreds of millions of dollars to throw at the problem -- and they have to be error-free even after they go out of business.

So, once you have this perfect and eternal unobtanium in hand, you can do some pretty great stuff. But if you get any of this even the tiniest bit wrong, you visit catastrophe on millions or even billions of people. You can make things that work really well, if you don't care how they fail.

While this mainly concludes my notes on Ozzie’s proposal, I want to conclude this post with a side note, a response to something I routinely hear from folks in the law enforcement community. This is the criticism that cryptographers are a bunch of naysayers who aren’t trying to solve “one of the most fundamental problems of our time”, and are instead just rejecting the problem with lazy claims that it “can’t work”.

As a researcher, my response to this is: phooey.

Cryptographers — myself most definitely included — love to solve crazy problems. We do this all the time. You want us to deploy a new cryptocurrency? No problem! Want us to build a system that conducts a sugar-beet auction using advanced multiparty computation techniques? Awesome. We’re there. No problem at all.

But there’s crazy and there’s crazy.

The reason so few of us are willing to bet on massive-scale key escrow systems is that we’ve thought about it and we don’t think it will work.
